Home
Security Hardening
CIS Windows Server 2012 R2 MS L2 V2.5.0

CIS Windows Server 2012 R2 MS L2 V2.5.0

Ensure ‘Enable/Disable PerfTrack’ is set to ‘Disabled’
Details This policy setting specifies whether to enable or disable tracking of responsiveness events. The recommended state for this setting...
Ensure ‘Enable Windows NTP Client’ is set to ‘Enabled’
Details This policy setting specifies whether the Windows NTP Client is enabled. Enabling the Windows NTP Client allows your computer...
Ensure ‘Enable Windows NTP Server’ is set to ‘Disabled’ (MS only)
Details This policy setting allows you to specify whether the Windows NTP Server is enabled. The recommended state for this...
Ensure ‘Interactive logon: Number of previous logons to cache (in case domain controller is not available)’ is set to ‘4 or fewer logon(s)’ (MS only)
Details This policy setting determines whether a user can log on to a Windows domain using cached account information. Logon...
Ensure ‘Join Microsoft MAPS’ is set to ‘Disabled’
Details This policy setting allows you to join Microsoft Active Protection Service (MAPS), which Microsoft has now renamed to Windows...
Ensure ‘Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider’ is set to ‘Disabled’
Details This policy setting configures Microsoft Support Diagnostic Tool (MSDT) interactive communication with the support provider. MSDT gathers diagnostic data...
Ensure ‘MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds’ is set to ‘Enabled: 300,000 or 5 minutes (recommended)’
Details This value controls how often TCP attempts to verify that an idle connection is still intact by sending a...
Ensure ‘MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)’ is set to ‘Disabled’
Details This setting is used to enable or disable the Internet Router Discovery Protocol (IRDP), which allows the system to...
Ensure ‘MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted’ is set to ‘Enabled: 3’
Details This setting controls the number of times that TCP retransmits an individual data segment (non-connect segment) before the connection...
Ensure ‘MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted’ is set to ‘Enabled: 3’
Details This setting controls the number of times that TCP retransmits an individual data segment (non-connect segment) before the connection...

Prev Next

CIS Windows Server 2012 R2 MS L2 V2.5.0

Ensure ‘Enable/Disable PerfTrack’ is set to ‘Disabled’

Ensure ‘Enable Windows NTP Client’ is set to ‘Enabled’

Ensure ‘Enable Windows NTP Server’ is set to ‘Disabled’ (MS only)

Ensure ‘Interactive logon: Number of previous logons to cache (in case domain controller is not available)’ is set to ‘4 or fewer logon(s)’ (MS only)

Ensure ‘Join Microsoft MAPS’ is set to ‘Disabled’

Ensure ‘Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider’ is set to ‘Disabled’

Ensure ‘MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds’ is set to ‘Enabled: 300,000 or 5 minutes (recommended)’

Ensure ‘MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)’ is set to ‘Disabled’

Ensure ‘MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted’ is set to ‘Enabled: 3’

Ensure ‘MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted’ is set to ‘Enabled: 3’